PT-2022-7976 · Unknown · Kama Click Counter Plugin

Manuel Garcia Cardenas · Published 2022-06-27 · Updated 2022-07-07 · CVE-2017-20103

CVSS v3.1 8.8 High
Vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Kama Click Counter Plugin versions up to 3.4.8
Description A high-severity vulnerability has been found in the Kama Click Counter Plugin. It affects an unknown part of the file wp-admin/admin.php, where the order by/order argument is placed into the ORDER BY clause of a database query without validation. Supplying the input ASC%2c(select*from(select(sleep(2)))a) (URL-decoded: ASC,(select*from(select(sleep(2)))a)) appends a second sort expression containing a subquery that calls MySQL's sleep(), so the database pauses before answering. This makes the issue a time-based blind SQL injection: the attacker infers the outcome of injected conditions from response delays rather than from data returned in the page. The attack can be launched remotely over the network; according to the CVSS vector it requires an account with low privileges and no interaction from another user. The exploit has been disclosed to the public and may be used.
Recommendations For Kama Click Counter Plugin versions up to 3.4.8, upgrade to version 3.4.9, which addresses this issue; confirm the installed version afterwards in the WordPress plugin list (or with `wp plugin list` where WP-CLI is available). As a temporary workaround, restrict access to wp-admin/admin.php until the upgrade is applied, for example by IP allowlisting or an additional authentication layer in front of the admin area; since the attack needs a logged-in account, review who holds accounts on the site as well. Note that wp-admin/admin.php is also the regular WordPress administration entry point, so such a restriction affects legitimate administrators. Because an ORDER BY column or direction cannot be bound as a prepared-statement parameter, escaping the order by/order argument is not a sufficient code-level fix: it has to be validated against an allowlist of column names and the literal directions ASC/DESC.
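The following is an added example, not code from the Kama Click Counter plugin or from the advisory: it reproduces the ORDER BY injection described above against an in-memory SQLite database, using the advisory's own payload. The table name kcc_clicks, its columns, the sample rows and both query builders are assumptions made for this demonstration. MySQL's sleep() (which SQLite does not provide) is emulated by a registered Python function that counts calls instead of delaying, so the effect of the payload is observable and the example runs offline. The vulnerable builder concatenates the request parameters into the query the way the advisory describes; the hardened builder applies the allowlist check recommended above.

```python
"""
ORDER BY injection demo (added example, not the plugin's code).
Assumptions: table kcc_clicks(id, link, clicks); sleep() emulated via a probe.
"""
import sqlite3
from urllib.parse import unquote

# Payload quoted in the advisory, URL-encoded as it would appear in the request.
PAYLOAD = "ASC%2c(select*from(select(sleep(2)))a)"

# Constructed sample data: (id, link, clicks) rows for a click counter.
SAMPLE_ROWS = [
    (1, "https://example.com/a", 5),
    (2, "https://example.com/b", 12),
    (3, "https://example.com/c", 1),
]

ALLOWED_COLUMNS = {"id", "link", "clicks"}
ALLOWED_DIRECTIONS = {"ASC", "DESC"}


class SleepProbe:
    """Stand-in for MySQL's sleep(): records each call instead of sleeping."""

    def __init__(self):
        self.calls = 0

    def __call__(self, seconds):
        self.calls += 1
        return 0


def decode_payload(raw=PAYLOAD):
    """URL-decode the request parameter the way the web server would."""
    return unquote(raw)


def open_db(probe):
    """Create the sample table and expose the probe as the SQL function sleep()."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("sleep", 1, probe)
    conn.execute(
        "CREATE TABLE kcc_clicks (id INTEGER PRIMARY KEY, link TEXT, clicks INTEGER)"
    )
    conn.executemany("INSERT INTO kcc_clicks VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def vulnerable_query(order_by, order):
    """The bug class: request parameters concatenated straight into ORDER BY.

    ORDER BY identifiers cannot be bound as prepared-statement parameters,
    which is why this pattern is common and why escaping alone does not help.
    """
    return f"SELECT id, link, clicks FROM kcc_clicks ORDER BY {order_by} {order}"


def validate_order(order_by, order):
    """Allowlist check: return (column, direction) or None if either is rejected."""
    direction = order.upper()
    if order_by in ALLOWED_COLUMNS and direction in ALLOWED_DIRECTIONS:
        return order_by, direction
    return None


def safe_query(order_by, order):
    """Hardened builder: only allowlisted identifiers reach the SQL string."""
    checked = validate_order(order_by, order)
    if checked is None:
        raise ValueError(f"rejected sort parameters: {order_by!r}, {order!r}")
    return f"SELECT id, link, clicks FROM kcc_clicks ORDER BY {checked[0]} {checked[1]}"


def run(builder, order_by, order):
    """Build and execute a query; return (row ids in result order, sleep() calls)."""
    probe = SleepProbe()
    conn = open_db(probe)
    try:
        rows = conn.execute(builder(order_by, order)).fetchall()
    finally:
        conn.close()
    return [row[0] for row in rows], probe.calls


if __name__ == "__main__":
    payload = decode_payload()
    print("decoded payload:", payload)
    ids, calls = run(vulnerable_query, "clicks", payload)
    print("vulnerable builder: rows", ids, "- injected sleep() reached", calls, "time(s)")
    print("safe builder rejects payload:", validate_order("clicks", payload) is None)
    ids, calls = run(safe_query, "clicks", "desc")
    print("safe builder with 'desc': rows", ids, "- sleep() reached", calls, "time(s)")
```

With the vulnerable builder the injected subquery is parsed as an extra sort key and the emulated sleep() is reached, which is exactly the timing signal a blind attacker measures; the result rows still come back sorted by clicks, so nothing in the page content reveals the injection. The hardened builder never lets the payload into the SQL string, because neither the column nor the direction survives the allowlist check.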

Exploit

Fix

SQL injection


Weakness Enumeration

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Related Identifiers

CVE-2017-20103

Affected Products

Kama Click Counter Plugin